Re: [bad] [certtest] OCSP validation of the SSL certificate for https://certtest.ripe.net is failing

To: Marcus Stoegbauer ms@localhost

From: Tim Bruijnzeels tim@localhost

Date: Mon, 22 Dec 2008 12:01:54 +0100

Hi Marcus,

thanks for your pointer, we did not realise that the current setup could
cause problems for firefox3.

The reason why you get this error code, which I think is a warning only
in the default setup, is that we are using a certificate issued to
'*.ripe.net' instead of 'certtest.ripe.net'. This is because of
financial and logistic reasons, and because we thought it wouldn't
matter for the beta environment.

When we set up the real production environment we will address this
again and get a certificate that is issued to the specific hostname that
we will be using then.

Cheers,
Tim
Marcus Stoegbauer wrote:

Hi,
in case you have problems connecting to https://certtest.ripe.net with
Firefox3, have a look at Preferences/Advanced/Encryption, Button Validation.
If you have the option "When an OCSP server connection fails, treat the
certificate as invalid" enabled, you will get the following error message
from Firefox:
Secure Connection Failed
An error occurred during a connection to certtest.ripe.net.
Invalid OCSP signing certificate in OCSP response.
(Error code: sec_error_ocsp_invalid_signing_cert)
As far as I can tell the OCSP servers at the registrar who issued the
certificate for certtest.ripe.net claims that the cert is unknown to him.
Marcus

The RIPE NCC uses cookies. Some of these cookies may have been set already. More information about our cookies can be found in our privacy policy. You can accept our cookies either by clicking here or by continuing to use the site.